It wouldn't be an issue for the master branch as that only works on PHP 8. password_hash has changed for PHP 8 in that it no longer returns false but now throws an exception. For older versions of PHP, you should check password_hash did not return false and don't store it in the database if it did.
OpenCart seems to store passwords using SHA1 with salt in MD5, which is a bit more secure than the outdated and non-compliant MD5 hash used by the website in the news article. However, using an older version of OpenCart such as 1.5x or 2.x might still be considered a security risk and potentially subject to fines if it has known vulnerabilities and is no longer receiving updates. The use of end-of-life PHP versions like 7.2 and older could also potentially be in violation of GDPR if they don't have any more security updates. It's always a good idea to follow the latest security recommendations and guidelines from reliable sources. More about it here https://www.exposit.com/solutions/
Who is online
Users browsing this forum: No registered users and 2 guests